NATO probes hacktivist crew’s boasts of stolen portal data

NATO is investigating claims by miscreants that they broke into the military alliance’s unclassified information-sharing and collaboration IT environment, stole information belonging to 31 nations, and leaked 845 MB of compressed data.

On July 23, SiegedSec, a crew that describes itself as “gay furry hackers” and typically targets governments in politically motivated stunts, shared what was said to be stolen NATO documents via the gang’s Telegram channel. The hacktivists’ Telegram post included screenshots of the alleged files and a link, now defunct, to download the data.

“Do you like leaks? Us too! Do you like NATO? We don’t! And so, we present… a leak of hundreds of documents retrieved from NATO’s COI portal, intended only for NATO countries and partners,” SiegedSec claimed.

The Communities of Interest (COI) Cooperation Portal is used by NATO organizations and member states. And while it doesn’t contain classified information, there’s still perhaps mayhem, fraud, and money to be made from releasing unclassified government info.

SiegedSec said the purported theft “has nothing to do” with the Russian invasion of Ukraine. “This is a retaliation against the countries of NATO for their attacks on human rights,” the crew stated, adding that it’s also “fun to leak documents.”

When asked about SiegedSec’s claims, a NATO official declined to answer specific questions, and provided the following statement:

According to threat intel firm CloudSEK, which analyzed the leaked data, the dump contains various unclassified documents and 8,000 personnel records containing details including: names, companies and units, working groups, job titles, business email addresses, home addresses, and photos.

“Our analysis suggests that there are at least 20 unclassified documents in the leak,” the team concluded.

While it’s unclear how SiegedSec broke into the portal, as claimed, CloudSEK suggested the intruders may have used used stolen credentials.

“With low confidence and no direct proof, we assess that the credentials for the compromised user account may have likely been sourced from stealer logs,” the analysts said.

Last month SiegedSec leaked stolen data from agencies in six American states and said the hacks were in response to legislative attacks on gender-affirming care.

The group has also previously targeted anti-abortion states, reportedly in response to the US Supreme Court ruling overturning Roe v. Wade last summer. After leaking internal files stolen from Kentucky and Arkansas government servers, SiegedSec posted: “One shouldn’t be denied access to abortion.” ®

READ MORE HERE